The Gist: Group-IB researchers stumbled upon a poorly secured malware server online. This server was used to control two types of PoS malware, MajikPOS and Treasure Hunter, and was packed with over 167,000 stolen credit card records! 💳🕵️‍♂️

The Details:
Target: 133 Point-of-Sale terminals, mostly in the US.
Timeframe: The server collected data from Feb 2021 to Sept 2022.
Who's behind it? Still a mystery. 👻
Value: Analysts estimate the stolen data could be worth over $3.3 million on the dark web. Cha-ching! 💰
Victims: So far, 11 US-based companies have been identified.

The Malware Evolution: The hackers started with Treasure Hunter (an old-school RAM scraper from 2014, whose code is freely available online). Then, this year, they upgraded to MajikPOS (first seen in 2017). Why the switch? MajikPOS is simply better—it has a nicer admin panel, more detailed logs, and uses encryption. Both are built from leaked source code and infect systems the same way: by scanning for poorly secured VNC/RDP ports and guessing passwords. 🤖

The Big Picture: Even though PoS malware isn't as trendy with criminals as it used to be (thanks to better industry security), it's far from dead. PoS systems are still everywhere and often have vulnerabilities. Plus, notorious groups like FIN7 (Carbanak) still use these attacks. So, the threat is still real! ⚠️

What's Being Done: Group-IB has shared all its findings with US financial threat intelligence networks. 🚨